CVE-2012-3429

{"id": "CVE-2012-3429", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-08-07T21:55:01.983", "references": [{"url": "http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=f345805c73c294db42452ae966c48fbc36c48006", "tags": ["Exploit", "Patch"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1139.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/50086", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/50159", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/08/02/5", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/54787", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1027341", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=842466", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77391", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a \"$\" character in a DN in a DNS query."}, {"lang": "es", "value": "La funci\u00f3n dns_to_ldap_dn_escape en src/ldap_convert.c en bind-dyndb-ldap v1.1.0rc1 y anteriores no procesa adecuadamente el nombre de un car\u00e1cter de escape en las (DN) en las consultas de LDAP, lo que podr\u00eda causar una denegaci\u00f3n de servicio (bloqueo del servicio de llamada) a trav\u00e9s de un car\u00e1cter \"$\" en un DN en una consulta de DNS."}], "lastModified": "2017-08-29T01:31:55.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:*:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEDFA61F-E6B5-464E-841F-BAF782464198", "versionEndIncluding": "1.1.0"}, {"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.1.0:a1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EAFBB42-05EE-44DB-85D4-D622C2B678E4"}, {"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.1.0:b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5745D406-24EF-408D-8A57-2AEEB09FF41C"}, {"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA5463AE-3E88-4824-AB42-93B5E6FE8573"}, {"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.0.0:b1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8BA67DA-D03F-499E-8BCF-94C06A814383"}, {"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.0.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FA76B53-60B9-40D9-A1FC-41FE6CED3148"}, {"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:a1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00063DB2-31C6-4580-AB99-72466B3FB33A"}, {"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:a2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "374C3768-2379-4F82-8826-0B3EC53DA38C"}, {"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:b1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E72C8313-8F0F-4826-B96D-2B08685521C4"}, {"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:b2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F56B1448-2A7B-4725-A78C-8D02B1EEB02F"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}